The last couple of years have seen a slew of successful attacks against high-profile organisations. RSA, Google, Verizon – companies that have top security measures in place are being breached, and many of these breaches could have been easily avoided.
John Mc Loughlin, MD of J2 Software, says there are several really simple steps that individuals and businesses can take to avoid falling foul of cyber-attacks. All of the points mentioned below should stem from a well-formulated, short and easy-to-understand policy for data security. It is vital that all users understand the policy and know what is required of them, and that the business has the ability to show compliance with the policy.
Firstly, make sure your sensitive data is physically secured. This means locking down desktops and laptops as a deterrent.
“Before leaving the office, make sure any files and mobile devices are locked away, or taken with you. Don’t leave them lying around. This goes for cars and houses too: don’t leave papers and equipment unattended. At work, shred confidential documents before throwing them away.”
He says to also be mindful of documents left on printers and fax machines. “Rule of thumb: don’t leave any sensitive data lying around unprotected, and treat all printed material as confidential.”
Businesses should also regularly destroy restricted and sensitive data when it is no longer needed for any business purpose. Keeping the amount of sensitive data stored to the bare minimum reduces risk should a data breach occur. If you do need to keep this data, ensure it is encrypted for an extra layer of protection.
In addition, make sure you have access controls in place. No employee should have access to any data other than what is essential for them to do their jobs. Educate your employees on how to treat sensitive data, to avoid negligence.
Ensure that you measure and report on compliance with these access controls. Besides standard access controls, it is recommended that you have ongoing automated checks in place to ensure compliance.
“It is too easy to walk out of the office with a sensitive file, and leave it lying around. A list of do’s and don’ts will be helpful here,” says Mc Loughlin.
“Ensure you have strong, cryptic passwords that would be impossible to guess, and keep them secure. Remember, it is not very hard for cybercriminals to brute force hack a password, so the longer, and more mixed-up – with a mixture of capitals, symbols and numbers – your passwords are, the better.”
Also, don’t share or reveal passwords to anyone, and use different passwords for accounts that provide access to restricted data than you use for your less-sensitive accounts. Whatever you do, don’t use the same password for everything – that is a cybercriminal’s dream, Mc Loughlin points out.
Have a good anti-malware product installed and keep it up to date. Patch your software regularly, and don’t click on unsolicited attachments in emails, or any suspicious links. Be wary of files sent to you via IM, by friends on social media or through P2P software – these can bypass your AV and download malicious files to your computer.
“Don’t install unknown or suspicious programs on your computer. These are notorious for containing malicious code or back doors that can give cyber thieves remote control of your machine.”
Lastly, be wary of what information you share on social media. Many attacks today happen through spear-phishing, which uses social engineering to target an organisation through an individual. Educate your employees on phishing, and teach them to question even messages with links that appear to be from trusted sources.